The Basics of Claims – Part 2 – Claim Usage Within SharePoint and Custom Applications
Before we cover how to use claims, it is important to discuss what they are able to do for us. To really understand that, you need a good idea of the authentication process. You may be thinking of only one way for authentication to be done, but there are many. For example, you may be using Windows authentication and assume it is only accessible in Windows. That is a common misconception.
The same is true of ASP.NET, which has both membership and role providers. That is why we often think about passwords and usernames along these lines. The different authentication systems have plenty in common that is worth exploring. One thing to pay attention to is that in each of them claims are issued by an issuer, or authority.
Yet the issuing of those claims, and the issuers themselves, can be supported in a variety of ways. This is why applications vary in how a user gains access to them. Trust in the claims has to be in place before the application can be accessed. Trust is a vital part of the claims-based approach. It is also handled in a way that most people aren't yet familiar with.
Using claims, you can implement role-based access control, commonly referred to as RBAC. Roles are claims, but claims carry more information than roles by themselves. Claims can be sent in a secured token that can even be encrypted. They are also delivered by an issuer that you trust.
Identity is key to recognizing a user before they are allowed to access an application. Claims provide this method of recognizing who a user is. With the claims-based approach as a model, it is very easy to sign in with Kerberos. It is also easy to use various other forms of authentication, as many of them are considered user friendly.
There is no need to change the code or to reconfigure the applications. You can support any type of authentication technique, but most people use Kerberos as it is the most popular. However, you may want to look into smart cards and X.509 certificates to expand your knowledge in this area.
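To illustrate the points above about roles being claims from a trusted issuer, and about application code not changing with the sign-in method, here is an added example (not code from the original article or from SharePoint). It uses the .NET `System.Security.Claims` types; the issuer URLs, user names, role name and authentication-method labels are constructed values, and the principals are built by hand where a real application would receive them from a validated token.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

static class ClaimsRbacDemo
{
    // Assumption: the single issuer this application trusts (constructed URL).
    const string TrustedIssuer = "https://sts.example.test/";

    // A role is honored only when the role claim itself names the trusted issuer.
    // This is the extra information a claim carries compared with a bare role name.
    static bool IsInTrustedRole(ClaimsPrincipal user, string role) =>
        user.HasClaim(c => c.Type == ClaimTypes.Role
                        && c.Value == role
                        && string.Equals(c.Issuer, TrustedIssuer, StringComparison.Ordinal));

    // Stands in for the principal an application gets after token validation.
    static ClaimsPrincipal Principal(string name, string authMethod, string issuer, string role)
    {
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, issuer),
            new Claim(ClaimTypes.AuthenticationMethod, authMethod, ClaimValueTypes.String, issuer),
            new Claim(ClaimTypes.Role, role, ClaimValueTypes.String, issuer),
        };
        return new ClaimsPrincipal(new ClaimsIdentity(claims, authMethod));
    }

    static void Main()
    {
        // Constructed sample users: same role value, different sign-in methods and issuers.
        var users = new[]
        {
            Principal("alice", "Kerberos", TrustedIssuer, "Approver"),
            Principal("bob", "X509", TrustedIssuer, "Approver"),
            Principal("carol", "Password", "https://other-sts.example.test/", "Approver"),
        };
        foreach (var u in users)
        {
            var method = u.FindFirst(ClaimTypes.AuthenticationMethod)?.Value;
            Console.WriteLine($"{u.Identity?.Name}: method={method} approver={IsInTrustedRole(u, "Approver")}");
        }
    }
}
```

The authorization check is identical for the Kerberos and X.509 users, while the same role value from an issuer the application does not trust is not honored.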